Lucene search

[email protected]NVD:CVE-2014-9326

HistoryMay 12, 2015 - 7:59 p.m.

CVE-2014-9326

2015-05-1219:59:03

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.8%

JSON

The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the (2) Call Home feature in ASM 10.0.0 through 11.6.0 and PEM 11.3.0 through 11.6.0 does not properly validate server SSL certificates, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.

Affected configurations

NVD

Node

f5big-ip_application_acceleration_managerMatch11.5.0

f5big-ip_application_acceleration_managerMatch11.5.1

f5big-ip_application_acceleration_managerMatch11.5.2

f5big-ip_application_acceleration_managerMatch11.6.0

Node

f5big-ip_policy_enforcement_managerMatch11.3.0

f5big-ip_policy_enforcement_managerMatch11.4.0

f5big-ip_policy_enforcement_managerMatch11.4.1

f5big-ip_policy_enforcement_managerMatch11.5.0

f5big-ip_policy_enforcement_managerMatch11.5.2

f5big-ip_policy_enforcement_managerMatch11.6.0

f5big-ip_policy_enforcement_manager11.5.1

Node

f5big-ip_global_traffic_managerMatch11.5.0

f5big-ip_global_traffic_managerMatch11.5.1

f5big-ip_global_traffic_managerMatch11.5.2

f5big-ip_global_traffic_managerMatch11.6.0

Node

f5big-ip_advanced_firewall_managerMatch11.5.0

f5big-ip_advanced_firewall_managerMatch11.5.1

f5big-ip_advanced_firewall_managerMatch11.5.2

f5big-ip_advanced_firewall_managerMatch11.6.0

Node

f5big-ip_local_traffic_managerMatch11.5.0

f5big-ip_local_traffic_managerMatch11.5.1

f5big-ip_local_traffic_managerMatch11.5.2

f5big-ip_local_traffic_managerMatch11.6.0

Node

f5big-ip_application_security_managerMatch11.5.0

f5big-ip_application_security_managerMatch11.5.1

f5big-ip_application_security_managerMatch11.5.2

f5big-ip_application_security_managerMatch11.6.0

Node

f5big-ip_link_controllerMatch11.5.0

f5big-ip_link_controllerMatch11.5.1

f5big-ip_link_controllerMatch11.5.2

f5big-ip_link_controllerMatch11.6.0

Node

f5big-ip_access_policy_managerMatch11.5.0

f5big-ip_access_policy_managerMatch11.5.1

f5big-ip_access_policy_managerMatch11.5.2

f5big-ip_access_policy_managerMatch11.6.0

Node

f5big-ip_analyticsMatch11.5.0

f5big-ip_analyticsMatch11.5.1

f5big-ip_analyticsMatch11.5.2

f5big-ip_analyticsMatch11.6.0

Node

f5big-ip_access_policy_managerMatch11.5.0

f5big-ip_access_policy_managerMatch11.5.1

f5big-ip_access_policy_managerMatch11.5.2

f5big-ip_access_policy_managerMatch11.6.0

References

www.securitytracker.com/id/1032305

support.f5.com/kb/en-us/solutions/public/16000/000/sol16090.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.8%

JSON

Related for NVD:CVE-2014-9326

cvelist1 prion1 f52 cve1 nessus1